[Samba/ekacnet.git] / librpc / idl / eventlog.idl
1 #include "idl_types.h"
3 /*
4 eventlog interface definition
5 */
7 import "lsa.idl", "security.idl";
9 [ uuid("82273fdc-e32a-18c3-3f78-827929dc23ea"),
10 version(0.0),
11 helpstring("Event Logger")
12 ] interface eventlog
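/*
 * Read-mode bits, carried as a 32-bit bitmap. Used as the type of the
 * `flags` argument of eventlog_ReadEventLogW.
 * NOTE(review): the names suggest one mode bit (SEQUENTIAL/SEEK) is paired
 * with one direction bit (FORWARDS/BACKWARDS); nothing in the IDL enforces
 * that, so the server has to reject unsupported combinations itself.
 */
typedef [bitmap32bit] bitmap {
	EVENTLOG_SEQUENTIAL_READ = 0x0001,
	EVENTLOG_SEEK_READ       = 0x0002,
	EVENTLOG_FORWARDS_READ   = 0x0004,
	EVENTLOG_BACKWARDS_READ  = 0x0008
} eventlogReadFlags;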
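/*
 * Event severity / class. Stored in every record structure below and
 * passed by callers of eventlog_ReportEventW and
 * eventlog_ReportEventAndSourceW.
 * The two AUDIT values mark security-audit events; because the type is
 * supplied by the reporting client, a consumer should not treat it as
 * proof of where an event came from.
 */
typedef [public] enum {
	EVENTLOG_SUCCESS          = 0x0000,
	EVENTLOG_ERROR_TYPE       = 0x0001,
	EVENTLOG_WARNING_TYPE     = 0x0002,
	EVENTLOG_INFORMATION_TYPE = 0x0004,
	EVENTLOG_AUDIT_SUCCESS    = 0x0008,
	EVENTLOG_AUDIT_FAILURE    = 0x0010
} eventlogEventTypes;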
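/*
 * Optional first argument of the Open and Register calls
 * (eventlog_OpenEventLogW, eventlog_RegisterEventSourceW,
 * eventlog_OpenBackupEventLogW). The meaning of the two 16-bit fields is
 * not described in this file.
 */
typedef struct {
	uint16 unknown0;
	uint16 unknown1;
} eventlog_OpenUnknown0;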
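/*
 * One event log record, marshalled without NDR alignment (NDR_NOALIGN).
 *
 * Layout: a fixed-size part (size .. data_offset), then the
 * variable-length source name, computer name, SID, message strings and
 * raw data, then padding to a 4-byte boundary and a trailing copy of
 * `size`.
 *
 * Fields carrying value(...) are computed by the marshaller on push.
 * range(0,256) on num_of_strings is enforced on pull and bounds the
 * strings[] array.
 *
 * NOTE(review): stringoffset, sid_offset, data_length and data_offset have
 * neither value() nor range(), so on pull they are whatever the sender
 * wrote. Code that uses them as offsets or lengths into a buffer should
 * check them against `size` first.
 */
typedef [flag(NDR_NOALIGN),public] struct {
	uint32 size;
	/* record signature, always written as "eLfL" */
	[charset(DOS),value("eLfL")] uint8 reserved[4];
	uint32 record_number;
	time_t time_generated;
	time_t time_written;
	uint32 event_id;
	eventlogEventTypes event_type;
	/* element count of strings[] below; capped at 256 */
	[range(0,256)] uint16 num_of_strings;
	uint16 event_category;
	uint16 reserved_flags;
	uint32 closing_record_number;
	uint32 stringoffset;
	/* marshalled size of `sid`; also sizes its subcontext below */
	[value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size;
	uint32 sid_offset;
	uint32 data_length;
	uint32 data_offset;
	nstring source_name;
	nstring computer_name;
	/* parsed inside a subcontext of exactly sid_size bytes */
	[subcontext(0),subcontext_size(sid_size)] dom_sid0 sid;
	nstring strings[num_of_strings];
	astring raw_data;
	/* pads the record to a 4-byte boundary */
	[flag(NDR_ALIGN4)] DATA_BLOB _padding;
	/* trailing copy of `size` */
	[value(size)] uint32 size2;
} eventlog_Record;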
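/* compat structure for samba3 on-disc eventlog format,
   this is *NOT* used on the wire. - gd */

/*
 * Same leading fields as eventlog_Record, but every variable-length member
 * is preceded by an explicit length that the marshaller computes on push
 * (sid_length, data_length, source_name_len, computer_name_len,
 * strings_len). The string lengths are 2 * the terminated character
 * count, i.e. byte lengths of 2-byte-per-character strings.
 *
 * NOTE(review): the stored database is still input to the parser. The only
 * bound enforced on pull is range(0,256) on num_of_strings; sid_offset,
 * data_offset and stringoffset are plain integers and should be validated
 * by whoever consumes them.
 */
typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct {
	uint32 size;
	/* record signature, always written as "eLfL" */
	[charset(DOS),value("eLfL")] uint8 reserved[4];
	uint32 record_number;
	time_t time_generated;
	time_t time_written;
	uint32 event_id;
	eventlogEventTypes event_type;
	/* element count of strings[] below; capped at 256 */
	[range(0,256)] uint16 num_of_strings;
	uint16 event_category;
	uint16 reserved_flags;
	uint32 closing_record_number;
	uint32 stringoffset;
	[value(sid.length)] uint32 sid_length;
	uint32 sid_offset;
	[value(data.length)] uint32 data_length;
	uint32 data_offset;
	[value(2*strlen_m_term(source_name))] uint32 source_name_len;
	nstring source_name;
	[value(2*strlen_m_term(computer_name))] uint32 computer_name_len;
	nstring computer_name;
	uint32 sid_padding;
	/* SID kept as an opaque blob here, not as a parsed dom_sid0 */
	DATA_BLOB sid;
	[value(2*ndr_size_string_array(strings, num_of_strings, STR_NULLTERM))] uint32 strings_len;
	nstring strings[num_of_strings];
	DATA_BLOB data;
	uint32 padding;
} eventlog_Record_tdb;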
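/*
 * State bits stored in EVENTLOGHEADER.Flags, marshalled as a 32-bit
 * value (v1_enum).
 * NOTE(review): the values are powers of two and so look like bit flags,
 * but the type is declared as an enum; confirm how combined values are
 * handled by the generated parser.
 */
typedef [v1_enum] enum {
	ELF_LOGFILE_HEADER_DIRTY    = 0x0001,
	ELF_LOGFILE_HEADER_WRAP     = 0x0002,
	ELF_LOGFILE_LOGFULL_WRITTEN = 0x0004,
	ELF_LOGFILE_ARCHIVE_SET     = 0x0008
} EVENTLOG_HEADER_FLAGS;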
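/*
 * Header of an .evt file. HeaderSize/EndHeaderSize (0x30), the "LfLe"
 * signature and the 1.1 version are fixed values written by the
 * marshaller.
 *
 * NOTE(review): StartOffset, EndOffset, CurrentRecordNumber,
 * OldestRecordNumber and MaxSize are read as-is from the file. They are
 * used to locate and count records (see EVENTLOG_EVT_FILE), so a parser
 * handling files from an untrusted source should check them against the
 * actual file size before acting on them.
 */
typedef [public] struct {
	[value(0x30)] uint32 HeaderSize;
	[charset(DOS),value("LfLe")] uint8 Signature[4];
	[value(1)] uint32 MajorVersion;
	[value(1)] uint32 MinorVersion;
	uint32 StartOffset;
	uint32 EndOffset;
	uint32 CurrentRecordNumber;
	uint32 OldestRecordNumber;
	uint32 MaxSize;
	EVENTLOG_HEADER_FLAGS Flags;
	uint32 Retention;
	[value(0x30)] uint32 EndHeaderSize;
} EVENTLOGHEADER;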
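/*
 * One record inside an .evt file. `gensize` asks pidl for a size helper
 * for this type.
 *
 * StringOffset, UserSidLength, UserSidOffset and DataOffset are computed
 * on push from the variable-length members. The constant 56 in those
 * expressions is presumably the size of the fixed-length fields that
 * precede SourceName (TODO confirm).
 *
 * NOTE(review): unlike eventlog_Record.num_of_strings, NumStrings carries
 * no range() here, and DataLength is also unbounded, yet they size
 * Strings[] and Data[] directly. When parsing files from an untrusted
 * source, consider bounding both, e.g. `[range(0,256)]` on NumStrings to
 * match the other record types.
 */
typedef [public,gensize] struct {
	uint32 Length;
	/* record signature, always written as "LfLe" */
	[charset(DOS),value("LfLe")] uint8 Reserved[4];
	uint32 RecordNumber;
	time_t TimeGenerated;
	time_t TimeWritten;
	uint32 EventID;
	eventlogEventTypes EventType;
	/* element count of Strings[] below; no range() limit */
	uint16 NumStrings;
	uint16 EventCategory;
	uint16 ReservedFlags;
	uint32 ClosingRecordNumber;
	[value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername))+UserSidLength)] uint32 StringOffset;
	[value(ndr_size_dom_sid0(&UserSid, ndr->flags))] uint32 UserSidLength;
	[value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername)))] uint32 UserSidOffset;
	/* element count of Data[] below; no range() limit */
	uint32 DataLength;
	[value(56+2*(strlen_m_term(SourceName)+strlen_m_term(Computername))+UserSidLength+(2*ndr_size_string_array(Strings, NumStrings, STR_NULLTERM)))] uint32 DataOffset;
	nstring SourceName;
	nstring Computername;
	/* 4-byte aligned, parsed inside a subcontext of UserSidLength bytes */
	[flag(NDR_ALIGN4),subcontext(0),subcontext_size(UserSidLength)] dom_sid0 UserSid;
	nstring Strings[NumStrings];
	[flag(NDR_PAHEX)] uint8 Data[DataLength];
	astring Pad;
	/* trailing copy of Length */
	[value(Length)] uint32 Length2;
} EVENTLOGRECORD;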
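/*
 * End-of-file marker record of an .evt file: a 0x28-byte structure framed
 * by its own size, with four fixed magic words (0x11111111 .. 0x44444444)
 * followed by record offsets and record numbers.
 *
 * NOTE(review): the value(...) members are fixed on push. Whether the
 * generated pull code rejects a file whose magic words differ is not
 * visible here, so a consumer that relies on the marker should compare
 * them explicitly.
 */
typedef [public] struct {
	[value(0x28)] uint32 RecordSizeBeginning;
	[value(0x11111111)] uint32 One;
	[value(0x22222222)] uint32 Two;
	[value(0x33333333)] uint32 Three;
	[value(0x44444444)] uint32 Four;
	uint32 BeginRecord;
	uint32 EndRecord;
	uint32 CurrentRecordNumber;
	uint32 OldestRecordNumber;
	[value(0x28)] uint32 RecordSizeEnd;
} EVENTLOGEOF;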
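/* the following is true for a non-wrapped evt file (e.g. backups
 * generated and viewed with eventvwr) */

/*
 * Whole-file view: header, then records, then the EOF marker.
 *
 * NOTE(review): the record count is the difference of two uint32 header
 * fields taken straight from the file. If OldestRecordNumber is larger
 * than CurrentRecordNumber the subtraction presumably wraps to a very
 * large count, so callers parsing untrusted files should check
 * `CurrentRecordNumber >= OldestRecordNumber` (and a sane upper bound)
 * before pulling this structure. TODO confirm what the generated code
 * does with an oversized count.
 */
typedef [public] struct {
	EVENTLOGHEADER hdr;
	EVENTLOGRECORD records[hdr.CurrentRecordNumber-hdr.OldestRecordNumber];
	EVENTLOGEOF eof;
} EVENTLOG_EVT_FILE;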
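/******************/
/* Function: 0x00 */
/*
 * Clear the log behind `handle`. `backupfile` is a unique pointer, so it
 * may be NULL.
 * NOTE(review): when present, backupfile is a caller-supplied name. The
 * server implementation has to decide where such a file may be written
 * and who is allowed to clear a log; nothing in the IDL restricts either.
 */
NTSTATUS eventlog_ClearEventLogW(
	[in] policy_handle *handle,
	[in,unique] lsa_String *backupfile
);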
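/******************/
/* Function: 0x01 */
/*
 * Back up the log behind `handle` to `backup_filename` (a ref pointer,
 * so it must be present).
 * NOTE(review): the file name comes from the caller, so the server
 * implementation should validate the path before writing.
 */
NTSTATUS eventlog_BackupEventLogW(
	[in] policy_handle *handle,
	[in,ref] lsa_String *backup_filename
);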
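/******************/
/* Function: 0x02 */
/*
 * Close a log handle. The handle is [in,out]: the server returns the
 * handle value after the close (presumably zeroed; TODO confirm).
 */
NTSTATUS eventlog_CloseEventLog(
	[in,out] policy_handle *handle
);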
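/******************/
/* Function: 0x03 */
/*
 * Release a handle obtained for an event source. Like CloseEventLog, the
 * handle is passed in and returned.
 */
NTSTATUS eventlog_DeregisterEventSource(
	[in,out] policy_handle *handle
);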
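/******************/
/* Function: 0x04 */
/* Return the number of records in the log behind `handle` in *number. */
NTSTATUS eventlog_GetNumRecords(
	[in] policy_handle *handle,
	[out,ref] uint32 *number
);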
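/******************/
/* Function: 0x05 */
/* Return the oldest record number of the log in *oldest_entry. */
NTSTATUS eventlog_GetOldestRecord(
	[in] policy_handle *handle,
	[out,ref] uint32 *oldest_entry
);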
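/******************/
/* Function: 0x06 */
/* Not described yet: [todo] keeps the opnum slot, no arguments are defined. */
[todo] NTSTATUS eventlog_ChangeNotify();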
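/******************/
/* Function: 0x07 */
/*
 * Open the log named `logname` and return a handle for the later calls.
 * unknown0 is optional (unique); logname and servername are required
 * (ref).
 * NOTE(review): logname is chosen by the caller. Access checks on which
 * logs a given user may open belong in the server implementation; the
 * IDL only describes the wire format.
 */
NTSTATUS eventlog_OpenEventLogW(
	[in,unique] eventlog_OpenUnknown0 *unknown0,
	[in,ref] lsa_String *logname,
	[in,ref] lsa_String *servername,
	[in] uint32 major_version,
	[in] uint32 minor_version,
	[out] policy_handle *handle
);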
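/******************/
/* Function: 0x08 */
/*
 * Register an event source and return a handle in *log_handle. Same
 * argument shape as eventlog_OpenEventLogW, with module_name and
 * reg_module_name in place of logname and servername.
 */
NTSTATUS eventlog_RegisterEventSourceW(
	[in,unique] eventlog_OpenUnknown0 *unknown0,
	[in,ref] lsa_String *module_name,
	[in,ref] lsa_String *reg_module_name,
	[in] uint32 major_version,
	[in] uint32 minor_version,
	[out] policy_handle *log_handle
);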
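/******************/
/* Function: 0x09 */
/*
 * Open a backup log file and return a handle.
 * NOTE(review): backup_logname is a caller-supplied name, and the file it
 * names is parsed with the EVENTLOG* file structures. The server should
 * both restrict which paths may be opened and treat the file content as
 * untrusted input.
 */
NTSTATUS eventlog_OpenBackupEventLogW(
	[in,unique] eventlog_OpenUnknown0 *unknown0,
	[in,ref] lsa_String *backup_logname,
	[in] uint32 major_version,
	[in] uint32 minor_version,
	[out] policy_handle *handle
);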
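/******************/
/* Function: 0x0a */
/*
 * Read records from the log into `data`.
 *
 * number_of_bytes is the caller's buffer size; range(0,0x7FFFF) caps it
 * on pull, which in turn bounds the size_is() output array the server
 * allocates. sent_size and real_size are returned by the server
 * (presumably bytes written and bytes required; TODO confirm).
 *
 * NOTE(review): `offset` is an unconstrained caller value, so the server
 * has to validate it against the log's record range. It should also never
 * report a sent_size larger than number_of_bytes.
 */
NTSTATUS eventlog_ReadEventLogW(
	[in] policy_handle *handle,
	[in] eventlogReadFlags flags,
	[in] uint32 offset,
	[in] [range(0,0x7FFFF)] uint32 number_of_bytes,
	[out,ref,size_is(number_of_bytes)] uint8 *data,
	[out,ref] uint32 *sent_size,
	[out,ref] uint32 *real_size
);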
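/*****************/
/* Function 0x0b */
/*
 * Write one event to the log behind `handle`.
 *
 * num_of_strings (range 0..256) sizes the `strings` pointer array and
 * data_size (range 0..0x3FFFF) sizes `data`; both limits are enforced on
 * pull.
 *
 * NOTE(review): user_sid, strings and data are unique pointers, so each
 * may be NULL independently of the counts; the implementation has to cope
 * with a NULL pointer alongside a non-zero count. timestamp, event_type,
 * servername and user_sid are all supplied by the caller, so they should
 * be recorded as claims by the reporting client, not as verified facts.
 */
NTSTATUS eventlog_ReportEventW(
	[in] policy_handle *handle,
	[in] time_t timestamp,
	[in] eventlogEventTypes event_type,
	[in] uint16 event_category,
	[in] uint32 event_id,
	[in] [range(0,256)] uint16 num_of_strings,
	[in] [range(0,0x3FFFF)] uint32 data_size,
	[in,ref] lsa_String *servername,
	[in,unique] dom_sid *user_sid,
	[in,unique] [size_is(num_of_strings)] lsa_String **strings,
	[in,unique] [size_is(data_size)] uint8 *data,
	[in] uint16 flags,
	[in,out,unique] uint32 *record_number,
	[in,out,unique] time_t *time_written
);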
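/*
 * Functions 0x0c - 0x15 are placeholders. Each is marked [todo] and
 * declared without arguments, so only the function-number slot is
 * reserved and no wire format is described for them in this file.
 */

/*****************/
/* Function 0x0c */
[todo] NTSTATUS eventlog_ClearEventLogA();

/******************/
/* Function: 0x0d */
[todo] NTSTATUS eventlog_BackupEventLogA();

/*****************/
/* Function 0x0e */
[todo] NTSTATUS eventlog_OpenEventLogA();

/*****************/
/* Function 0x0f */
[todo] NTSTATUS eventlog_RegisterEventSourceA();

/*****************/
/* Function 0x10 */
[todo] NTSTATUS eventlog_OpenBackupEventLogA();

/*****************/
/* Function 0x11 */
[todo] NTSTATUS eventlog_ReadEventLogA();

/*****************/
/* Function 0x12 */
[todo] NTSTATUS eventlog_ReportEventA();

/*****************/
/* Function 0x13 */
[todo] NTSTATUS eventlog_RegisterClusterSvc();

/*****************/
/* Function 0x14 */
[todo] NTSTATUS eventlog_DeregisterClusterSvc();

/*****************/
/* Function 0x15 */
[todo] NTSTATUS eventlog_WriteClusterEvents();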
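/*****************/
/* Function 0x16 */

/*
 * Single-flag information structure: whether the log is full.
 * Presumably what `buffer` holds for one of the supported `level`
 * values of the call below (TODO confirm which).
 */
typedef struct {
	boolean32 full;
} EVENTLOG_FULL_INFORMATION;

/*
 * Query information about the log behind `handle`.
 *
 * buf_size is capped at 1024 on pull and sizes the output `buffer`;
 * bytes_needed is returned by the server.
 *
 * NOTE(review): "Intormation" looks like a typo for "Information". It is
 * left as-is because the generated symbol names derive from it.
 * `level` is an unconstrained caller value, so the implementation should
 * reject levels it does not support instead of filling `buffer`.
 */
NTSTATUS eventlog_GetLogIntormation(
	[in] policy_handle *handle,
	[in] uint32 level,
	[out,ref] [size_is(buf_size)] uint8 *buffer,
	[in] [range(0,1024)] uint32 buf_size,
	[out,ref] uint32 *bytes_needed
);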
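/*****************/
/* Function 0x17 */
/* Flush the log behind `handle`; takes no other arguments. */
NTSTATUS eventlog_FlushEventLog(
	[in] policy_handle *handle
);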
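/*****************/
/* Function 0x18 */
/*
 * Same as eventlog_ReportEventW, with an additional required
 * `sourcename` argument placed after event_id.
 *
 * num_of_strings (range 0..256) sizes `strings` and data_size
 * (range 0..0x3FFFF) sizes `data`; both limits are enforced on pull.
 *
 * NOTE(review): sourcename, servername, user_sid and timestamp are all
 * caller-supplied, so log consumers should not read them as
 * authenticated identity. strings and data are unique pointers and may
 * be NULL even when the matching count is non-zero.
 */
NTSTATUS eventlog_ReportEventAndSourceW(
	[in] policy_handle *handle,
	[in] time_t timestamp,
	[in] eventlogEventTypes event_type,
	[in] uint16 event_category,
	[in] uint32 event_id,
	[in,ref] lsa_String *sourcename,
	[in] [range(0,256)] uint16 num_of_strings,
	[in] [range(0,0x3FFFF)] uint32 data_size,
	[in,ref] lsa_String *servername,
	[in,unique] dom_sid *user_sid,
	[in,unique] [size_is(num_of_strings)] lsa_String **strings,
	[in,unique] [size_is(data_size)] uint8 *data,
	[in] uint16 flags,
	[in,out,unique] uint32 *record_number,
	[in,out,unique] time_t *time_written
);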